Job ID: MS-77021 (90091103)
Security Analyst/Officer (ITSO) with risk management, governance, Data Classification/Access Control and audit experience
Location: Jackson MS (MDHS)
Duration: 36 months
Onsite: 100% (Non-locasl willing to relocate are welcome to apply)
References: 3 (mandatory)
Masters is preferred for education, however a Bachelor’s degree would be considered for an outstanding candidate
The ITSO is responsible for:
a. Developing and maintaining agency-specific security plans, policies, and procedures.
b. Interacting with ITS as the primary contact for security related issues.
c. Ensuring MSDH is adhering to the State of Mississippi Enterprise Security Policy.
d. Participating in the state information security listserv.
e. Researching IT industry for security related issues and how it affects MSDH specifically.
f. Monitoring security issues within the agency’s IT resources.
g. Facilitating the State Auditor’s Information Systems Audit and the Third Party Risk Assessment.
MSDH is in need of a full-time IT Security Officer (ITSO) to perform the above tasks and lead the development and maturity of the agency’s enterprise-wide cybersecurity posture. The ITSO will also be responsible for leading and coordinating the security effort among all MSDH’s vendors and systems. The ITSO will require a combination of technical skillsets, including an in-depth understanding of architecture, security, and privacy, as well as proficiency in written and verbal communication abilities.
The ITSO must also maintain a strong understanding of risk management and governance practices and the use of risk management methodologies. Reporting to the Chief of HDOR, the ITSO is responsible for strengthening and maintaining the MSDH information security program, including hands-on execution and day-to-day management of the MSDH enterprise network, as well as responsibility for all aspects of IT security audits.
1. Refine, strengthen and maintain MSDH’s security program.
1.1. Security Framework, Security Planning, and Regulatory Expertise
1.2 Security Policies and Documentation
1.3 Data Classification / Access Control
1.4 Workforce Security Training and Collaboration with MSDH Offices and MSDH’s Business Partners
2 Refine, strengthen, and maintain a security governance risk management and compliance program encompassing operational, procedural, technical, architectural and physical access components.
2.1 Risk Management
3 Manage and be accountable for responses to breaches/security incidents with the MSDH Incident Response Team/Information Security Management Council: